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TN THE CLAIMS 



Amended claims follow: 

1 . (Currently Amended) A method for estabUshing a cryptographic key 
between a first node and a second node, comprising: 

sending a first message from the first node to the second node, wherein the first 
message requests establishing the cryptographic key; 

sending a second message firom the second node to a key distribution center, 
wherein the second message includes a first node identifier for the first node, a second 
node identifier for the second node, and a message authentication code created using a 
second node key belonging to the second node; 

recreating the second node key at the key distribution center, wherein the second 
node key was previously created using the second node identifier and a secret key known 
only to the key distribution center; 

verifying at the key distribution center the message authentication code hi the 
second message usmg the second node key; and 

if the message authentication code is verified, 

creating tiie cryptographic key at the key (fistribution cemer. and 
communicathig the cryptographic key to the second node and the 
first node; 

wherein an update of a key distribution center database of shared keys t s, - at l e ast 
in-part, capable of bemg avoided when at least one of the nodes is unfamiliar; 

wherein communicating the cryptographic key to the second node and the first 
node includes: 

encrypting a hash value and tiie cryptographic key using the second node key to 

create a first encrypted key; 

recreating a first node key belonging to the first node, wherein the first node key 
was previously created using the secret key and the first node identifier; 

encrypting the hash value and tiie cryptographic key using the first node key to 
create a second encrypted key; 
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sending a third message from the key distribution center to the second node, 
wherein the third message includes the first encrypted key and the second encrypted key; 

decrypting at the second node the first encrypted key from the third message to 
recover the hash value and the cryptographic key; 
verifying the hash value; and 
if the hash value is verified, 

sending a fourth message to the fust node from the second node, 
wherein the fourth message includes the second encrypted key and a key 
confirmation value so that the first node can confirm that the 
cryptographic key has been established, 

decrypting at the furst node the second encrypted key from the 
fourth message to recover the hash value and the cryptographic key, 
verifying the hash value, 

establishing at the first node that the second node has the 
cryptographic key, and 

if the hash value is verified and it is established at the first node 
that the second node has the cryptographic key, 
sending a fifth message to the second node from the first node so that the second 
node can confirm that Ae cryptographic key has been established; 

wherein the first message includes the first node iden tifier, the second node 
identifier, a tliird identifier for the key distribution ce nter, and a first nonce, wherein a 
nonce is a random number selected for message con firmation numoses that has a 
statistically low probability of being reused; 

wherein the second message includes the third identifier, the second node 
identifier, the first node identifier, a sec ond nonce, the first nonce, and the message 
authentication code, wherein the mess ag e authentic ation code is created from the third 
identifier, the second node identifier, the first node identifier, the second nonce, and the 
first nonce: 

wherein verifying the m essa ge authentication code includes: 
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creating a test message authenticati nn r.ode from the third identifier, the 
^P<-r.nd nnde identifier the first nod e identifier, the second nonce, and the firet 
nonce using the second node key: and 

comparing the test message authentic ation cods with the mes$ap;e 

anth ^yitication code: 

whftrein the hash value is created from the sec ond node identifier, the first node 
identifier, the second nonce, and th e first nonce; 

wherein the third message includes the sec ond node identifier, the first node 
identifier, the second encrypted kev. a nd the first encrypted key. 

2. (Cancelled) 

3. (Cancelled) 

4. (Cancelled) 

5. (Cancelled) 

6. (Cancelled) 

7. (Cancelled) 

8 . (Cunently Amended) The method of claim [[7]]L wherein validating the 
hash value at the s e cond nodo^ includes: 

creating a first test hash value from the second node identifier, the first node 
identifier, the second nonce, and the first nonce; and 

comparing the first test hash value with the hash valxie. 

9. (Original) The method of claim 8, wherein the fourth message includes the 
first node identifier, the second node identifier, the second nonce, the first encrypted key. 
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and a first confirmation value, wherein the first confinnation value has been encrypted 
wilh the cryptographic key. 

10. (Original) The method of claim 9, wherein the first confirmation value 
includes the second nonce and the fu-st nonce. 

1 1 . (Previously Amended) The method of claim 1 0, wherein verifying the 

hash value includes: 

creating a second test hash value from the second node identifier, the first node 
identifier, the second nonce, and the first nonce; and 

comparing the second test hash value with the hash valxxe. 

12. (Original) The method of claim 1 1, wherein establishing at the first node 
that the second node has the cryptographic key includes: 

decrypting the first confinnation value using the cryptographic key; and 
verifyirLg that the first nonce is what was sent in the first message. 

13. (Original) The method of claim 12, wherein the fifth message includes: 
the second node identifier, the first node identifier, and a second confirmation 

value. 

1 4. (Original) The method of claim 1 3 , v^erein creating the second 
confirmation value at the first node includes: 

reordering the first nonce and the second nonce recovered by decrypting the first 
confirmation value to create the second confirmation value; and 

encrypting the second confirmation value using the cryptographic key. 

1 5 . (Original) The method of claim 1 4» wherein confirming at the second node 
that the cryptographic key has been established includes: 

decrypting the second confirmation value using the cryptographic key; and 
verifying that the second nonce was sent in the second message. 
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1 6. (Original) The method of claim 1 , father comprisiDg: 

creating the second node key, wherein the second node key is created using the 
secret key and the second node identifier; and 

installing the second node key into the second node prior to deployment of the 

second node. 

1 7 . (Previously Presented) The method of claim 1 , further comprising: 
creating the furst node key, wherein the fu:st node key is created using the secret 

key and the first node identifier; and 

installing the first node key into the first node prior to deployment of the first 

node. 

1 8. (Currently Amended) A computer-readable storage medium storing 
instructions that when executed by a computer cause the computer to perform a method 
for establishing a cryptographic key between a first node and a second node, the method 
comprising: 

sending a first message firom the first node to the second node, wherein the first 
message requests establishing the cryptographic key; 

sending a second message fixjm the second node to a key distribution center, 
wherein the second message includes a first node identifier for the first node, a second 
node identifier for the second node, and a message authentication code created using a 
second node key belonging to the second node; 

recreating the second node key at the key distribution center, wherein the second 
node key was previously created using the second node identifier and a secret key known 
only to the key distribution center; 

verifying at the key distribution center the message authentication code in the 
second message using the second node key; and 

if the message authentication code is verified, 

creating the cryptographic key at the key distribution center, and 
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communicating the cryptographic key to the second node and the 
first node; 

wherein an update of a key distribution center database of shared keys is , at Icoat 
in port, capable of being avoided when at least one of the nodes is unfamiliar; 

wherein communicating the cryptographic key to the second node and the first 
node includes: 

encrypting a hash value and the cryptographic key using the second node key to 
create a first encrypted key; 

recreating a first node key belonging to the first node, wherein the first node key 
was previously created using the secret key and the first node identifier; 

encrypting the hash value and the cryptographic key using the first node key to 
create a second encrypted key; 

sending a thiixi message fi:om the key distribution center to the second node, 
wherein the thiid message includes the first encrypted key and the second encrypted key; 

decrypting at the second node the first encrypted key from the third message to 
recover the hash value and the cryptographic key; 
verifying the hash value; and 
if the hash value is verified, 

sending a fourth message to the first node from the second node, 
wherein the fourth message includes the second encrypted key, 

decrypting at the first node the second encrypted key fit>ni the 
fourth message to recover the hash value and the cryptographic key, 
verifying the hash value, 

establishing at the first node that the second node has the 
cryptographic key, and 

if the hash value is verified and it is established at the first node 
that the second node has the cryptographic key, 
sending a fifth message to the second node from the first node so that the second 
node can confirm that the cryptographic key has been established; 

wherein the first message includes the first node identifier, the second node 
identifier, a third identifier for the key distribution center, and a first nonc e, wherein a 
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i,n»r.ft is a ^andt^rn nnmher sele c tflcl for message confirmation purpose? that has a 
statistically ]nvt probabilit Y nf being reused; 

xyl^^TPin the second me-'isage includes the third identifier, the second nodg 
\d^r^i\fyeT. the fi.^t «nde identifi e r, a second nonce, the first nonce, and th^ message 
authentication rnHft wherein t h e, message authentication code is created from the third 
identifier, the second node iden tifier, the first noHe irtentifiei. tfat- second nonce, and the 
first nonce; 

wherein verifying the message authen tication code includes: 

creating a test message authentication code fi'om the third identifier, the 

c^onnH nrvie identifier, tha first node id entifier, the second nonce, and the first 

nonce using the second node kev: and 

comparing the test mess^ pe authentioBtinn code with the message 

authentication code; 

wherftin the hash valnft is created fr o m the second node identifier, the fiygt node 
identifier, the second nonce, and the first nonce; 

wheifein the third message includes the sec ond node identifier, the first node 
identifier, the second encrypted key, and the first encnrpted key. 

19. (Cancelled) 



20. (Currently Amended) An t^paratus that facilitates establishing a 
cryptograpWc key between a first node and a second node, comprising: 

a first sending mechanism that is configured to send a first message ftota the first 
node to the sefcond node, wherein the first message requests establishing the 
cryptographic key; 

a second sending mechanism that is configured to send a second message from 
the second node to a key distribution center, wherein the second message includes a first 
node identifier for the first node, a second node identifier for the second node, and a 
message authentication code created using a second node key belonging to the second 
node; 
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a key recreating mechanism that is configured to recreate the second node key at 
the key distribution center, wherein the second node key was previously created using the 
second node identifier and a secret key known only to the key distribution center; 

a first verifying mechanism at the key distribution center that is configured to 
verify the message authentication code in the second message using the second node key; 

a creating mechanism that is configured to create the cryptographic key at the key 
distribution center; 

a communicatinB mechanism that is configured to communicate the cryptographic 
key to the second node and the first node; 

an encrypting mechanism that is configured to encrypt a hash value and the 
cryptographic key using the second node key to create a first encrypted key; 

the key recreating mechanism that is fijrther configured to recreate a first node 
key belonging to the first node, wherein the first node key was previously created using 
the secret key and tiie first node identifier; 

the encrypting mechanism that is further configured to encrypt the hash value and 
flie cryptographic key using the first node key to create a second encrypted key; 

a third sending mechanism tiiat is configured to send a third message fifom the key 
distribution center to the second node, wherein the third message includes the first 
encrypted key and the second encrypted key; 

a first decryptii^ mechanism at the second node that is configured to decrypt the 
first encrypted key fi'om the third message to recover the hash value and the 
cryptogrjtphic key; 

a second verifying mechanism that is configured to verify flie hash value; and 
the second sending mechanism that is furflier configured to send a fourth message 

to the first node from the second node, wherein the fourth message includes the second 

encrypted key, 

a second decrypting mechanism at the first node that is configured to decrypt the 
second encrypted key from the fourth message to recover the hash value and the 
cryptographic key, 

a third verifying mechanism that is configured to verify the hash value, 
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an estabUshing mechanism at the first node that is configured to establish that the 
second node has the cryptographic key> and 

the first sending mechanism that is further configured to send a fifth message to 
the second node from the first node so that the second node can confirm that the 
cryptographic key has been established^ 

wherein an update of a key distribution center database of shared keys isr^t least 
in part; capable of being avoided when at least one of the nodes is unfamiliar; 

whftfdn the first message includas the furst node identifier, the second node 
identifier, a third identifier for the kev distribution center, and a first nonce, wherein a 
nonce is a random number selected for message co nfirmation purposes that has a 
statisticallv low probability of being reused; 

whei^in the second message includes the third identifier, the second node 
identifier, ths first node identifier, a second nonce, the first nonce, and the mQg^age 
authentication code, wherein the messag e authentication code is created fi:om the third 
identifier, the second node identifier, the first node identifier, the second nonce, and the 
first nonce: 

vv4ierein verifying the message authentication code includes: 

creatin g a test message authentication code fix )m the third identifier, the 

second node identifier, the first node identifier^ the second nonce, and the first 

nonce using the second node kev; and 

comparing the test message authentication code with the message 

authentication code; 

wherein the hash value is created ftom the second node identifi er, the first node 
identifier, the second nonce, amd the first nonce: 

wherein the third message includes the second node identifie r, the first node 
identifier, the second encrypted kev. and the fir st encrypted kev. 

21. (Cancelled) 
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